
Two Way SSL (Client Verification) Fails When Using GCM Ciphers in 12.2.1.0.0 Oracle HTTP Server (Doc ID 2284372.1)

Last updated on DECEMBER 25, 2017

Applies to:

Oracle HTTP Server - Version 12.2.1.0.0 to 12.2.1.0.0 [Release 12c]
Information in this document applies to any platform.

Symptoms

With Oracle HTTP Server (OHS) 12.2.1.0.0 configured for two-way SSL, the connection fails after the client certificate is provided.

This may occur only with some browser brands or versions.

The following directive is used to configure two-way SSL:

    SSLVerifyClient require


For example:

    <Location /FirstJSP/protected>
     SSLVerifyClient require
    ....
    </Location>



After the client certificate is provided, the browser shows an error:

    This site can't provide a secure connection
    <host.domain> sent an invalid response

    ERR_SSL_PROTOCOL_ERROR


OHS debug logging reports that the affected browser is using GCM ciphers, with an entry similar to this:

    OHS:2183 NZ Trace message: Cipher=ECDHE-RSA-AES128-GCM-SHA256


Unaffected browsers will show a different cipher that does not include the GCM string.
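
An added example, not part of the Oracle note: a small Python triage script that scans OHS debug log lines for the NZ trace cipher entry shown above and separates GCM from non-GCM negotiations. The sample log is constructed; only the "OHS:2183 NZ Trace message: Cipher=..." fragment follows the note, while the line prefixes and the non-GCM cipher names are assumptions.

```python
import re
from collections import Counter

# Matches the cipher field of an OHS NZ trace entry such as
#   OHS:2183 NZ Trace message: Cipher=ECDHE-RSA-AES128-GCM-SHA256
CIPHER_RE = re.compile(r"NZ Trace message:\s*Cipher=([A-Za-z0-9_-]+)")

def tally_ciphers(lines):
    """Count ciphers seen in NZ trace entries, split into GCM and non-GCM."""
    gcm, other = Counter(), Counter()
    for line in lines:
        m = CIPHER_RE.search(line)
        if not m:
            continue  # not a cipher trace entry
        cipher = m.group(1)
        # Treat GCM as a whole delimited token of the cipher name,
        # as in the note's sample entry (...-AES128-GCM-SHA256).
        tokens = cipher.upper().replace("_", "-").split("-")
        (gcm if "GCM" in tokens else other)[cipher] += 1
    return gcm, other

def report(lines):
    """Return a text summary: GCM ciphers first, then the rest."""
    gcm, other = tally_ciphers(lines)
    rows = [f"GCM      {n:3d}  {c}" for c, n in sorted(gcm.items())]
    rows += [f"non-GCM  {n:3d}  {c}" for c, n in sorted(other.items())]
    return "\n".join(rows)

# Constructed sample input. The bracketed prefixes are placeholders, not the
# real OHS log prefix; the non-GCM cipher names are assumed for illustration.
SAMPLE_LOG = """\
[constructed-1] OHS:2183 NZ Trace message: Cipher=ECDHE-RSA-AES128-GCM-SHA256
[constructed-2] OHS:2183 NZ Trace message: Cipher=ECDHE-RSA-AES128-SHA256
[constructed-3] unrelated debug line without a cipher field
[constructed-4] OHS:2183 NZ Trace message: Cipher=ECDHE-RSA-AES128-GCM-SHA256
[constructed-5] OHS:2183 NZ Trace message: Cipher=AES256-SHA
""".splitlines()

if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Feeding it the lines of a real OHS debug log instead of SAMPLE_LOG shows whether failing sessions line up with the GCM group.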

Changes

No other changes were made.

Cause
